Spy Sweeper with AntiVirus 5.2.3.2120 released

can it catch eicar and real viruses in real time?

lodore

 

Hi lodore,

Thanks for reminding. I don't have any virus sample for the past few months because they have been deleted by mistake by KAV. I didn't do the EICAR test during beta testing as I think this is the very basic and fundamental thing that their quality control should be doing first. I have been focusing more on stability and compatability.

To my surprise, the Virus Shield in SS 5.2 failed to alert me of the EICAR file, although an on-demand sweep picked it up. KAV immediately alerted me of the EICAR file when I double click the file, but I got no alert from SS when I double click it. It is my mistake that I didn't test the EICAR file with the Virus Shield in previous testing.

I have created a ticket on this.

 

thanks for letting me know the results.

 

Thanks Lodore. I have not seen any tests of Sophos. Does anyone have a good feel for its effectiveness?

Thanks,
Jerry

 

Sophos does not do quite well in the various AV-comparatives test done by IBK. But IMO, Sophos is a good antivirus, since it has a very good record of independent testing some years ago along with KAV and Dr Solomons. Since Sophos is more of a corporate AV, the developers may focus more on stability than on detection rate to minimize false positives.

All I can tell is that, some time ago, Sophos was able to detect a virus that Norton don't detect. Sophos detect it as a suspicuous virus by its genotype heuristics. And of course, KAV also detect it.

 

Hi Chubb,

Thanks for the reply. I suspect we will get more information now that it is used by SS.

Best,
Jerry

 

Just for info for NIS/NAV 2007 users-

With SS V5.2, the scan times for NAV are significantly increased if the Windows System-Installation shield is active in SS. SpySweeper.exe CPU utilization during a NAV scan is ~ 60% throughout the scan which implies that SS is scanning each file as NAV scans it. Total NAV scan time is almost double in duration. This is without the AV component active in SS.

At least this is what is happening on my XP-SP2 HE system with NIS 2007.

 

I notice that it now looks as if rootkit detection is no longer a sweep option in SS 5.2 unless you buy the AV add-on. I don't like that. When you renew for a year and qualify for free upgrades during that period, you don't expect to lose functionality. Apparently the rootkit detection is superior with the Sophos AV, or maybe it was just too hard to reconfigure any overlapping detection capabilities. Whatever it may be, I think Webroot should extend rootkit detection to existing subscribers for the duration of their term, whatever that may entail.

I don't think you can alter the sweep speed any more either, as you could in 5.0. I always moved the slider all the way up; it seemed to make a difference in scan time.

How do we know that Sophos is the AV? I don't doubt that it is, but I did not see anything on the Webroot page about it, or elsewhere.

Do you get the feeling that Webroot will be coming out with their own security suite soon? They already had a firewall and AS product, and have now added AV capabilities. Everybody seems to be getting into the act, including unfortunately Microsoft. Zone Alarm has always had a good firewall, but now offers what tests have reported to be a very good suite overall -version 6.5 is the top rated suite in PC Magazine currently, and was judged the best for all-around protection by Consumer Reports in September 2006. I might consider it when my NIS expires.

Webroot has provided some scan options at last in 5.2, having added quick and custom scans to the full scan, which used to be the only option available.

All in all, I'm not sure how much of an improvement SS 5.2 is over 5.0.

 

if you choose custom you can click extra settings and enable rootkit detection and compressed folders
lodore

 

Hi dcdc,

The Sweep for Rootkits option is in the Advanced Options menu. The option is there no matter you have antivirus protection or not. So you can still scan for rootkits if you do not use the AV add-on.

http://img158.imageshack.us/img158/381/optionssweep1nl3.png

 

Hi lodore,

Thanks for that tip. Is that an obscure way of doing things or what? That's almost as bad as Windows Defender Beta's way of making you search for how to do an update. First click the down arrow next to the Help question mark, then click 'About Windows Defender', then FINALLY 'Check for updates', and wait for the balloon from the system tray. Ludicrous and pathetic.

By the way, I recall in 5.0 that it said that enabling rootkit detection would increase sweep time significantly, and it definitely did so for me.

 

I have tried two scans with 5.2: one with scan for rootkit on and another scan with scan for rootkit off, scanning the same partition, and keeping other scan options unchanged. The scan time is:

Rootkit turned ON: 14:39 min

Rootkit turned OFF: 13:59 min

So there is only a one minute difference if scan for rootkit is turned on.

 

i still think full scan should mean all options ticked including compressed folders and rootkits.

 

Hi Chubb,

Thanks to you as well. I mucked around trying to get this to work as expected, but obviously was not very successful. I guess 5.2 is just not that intuitive an interface for me. For one thing, I usually think of custom sweeps or settings as being more for which drives, folders, etc. to sweep, not which types of malware to sweep for.

Anyway, thanks to you both for your posts.

 

I think scanning for compressed folders would take more time than scanning for rootkits. I would prefer setting up a custom scan.

 

agreed but "full scan" doesnt that mean all?

 

Actually, during the beta testing stage, I proposed to move the antivirus shield to the Shield menu instead of placing it in the Options menu. It would be quite strange to have a shield tab in the Options menu. But in the end, the developers decided not to change it. But I am glad that some of my proposed changes has been taken into account of. The way of installation has been greatly improved comparing with the beta build.

 

Yes, but I will try to avoid a full scan, unless I start it before I go to bed.

It seems the scanning time has increased a quite bit in 5.2 than 5.0.

 

I tried the same test in 5.0, and my results were a bit more dramatic than that, several minutes difference between the two at least. Who knows what the relevant parameters are.

One comment I will make about SS scans, which I think I may have posted elsewhere a while ago, is that it makes a very dramatic difference in scan times if you shut down Spyware Doctor beforehand - something like 45 minutes vs. 15. (That of course assumes you have SD running in the first place!)

 

It's in the Press Release section of webroot.com

http://www.webroot.com/company/pressroom/pr/webroot-sophos.php

WEBROOT AND SOPHOS JOIN FORCES TO COMBAT GROWING PROBLEM OF INTERNET SECURITY THREATS

 

Yes, you are correct. Before I do a manual scan, I always do the following:

(1) Close the internet connection
(2) Close the firewall
(3) Close all other resident security software
(4) Close all other unnecessary software
(5) Only keep the scanner that you want an on-demand scan

In this way, your on-demand scan will never be affected by other security software. There had been a post here around which said that when A-Squared scanned a file, KAV will scan the file too. So it will double the time of the scan.

 

Yes, there is also one from Sophos' web site some weeks ago:

Sophos and Webroot join forces to combat growing problem of internet security threats

http://www.sophos.com/pressoffice/news/articles/2006/10/webroot-sophos.html

 

Hi Chubb,
Thanks for the info.I have one year subscription from now.But after installing the new version,my pc became slower and reseted twice.All of my favorites was deleted.(I've pentium 4 and 1gb.of ram)Therefore i have uninstalled it.I'll never use it again and I'm giving my one year subscription to webroot as a gift.

 

Well Cleatus, I am sorry to hear about your difficulties. Hardly an expert myself, I cannot begin to explain what has happened, but in my own experience SS is a reputable product, and a consistently top rated one as well. I have had it for some three years now as my principal AS and the only one I pay for, bought right after I got my first machine, and have upgraded regularly without any problems, with the exception of some confusion on my part from time to time about the new builds. (See this thread below for evidence of that.)

I think I am correct in saying that IE favorites can be restored from MSN as long as you do not create a new list of favorites in the interim. I made that mistake myself earlier this year.

If you download Process Explorer you can watch how much CPU time a program is using. I have not found that SS is taking up much time after startup is completed. Spyware Doctor, on the other hand, is an incredible resource hog during startup.

I would not give any software vendor a gift of my subscription if I were unhappy. Get your money back. They're all used to getting complaints and giving refunds, I am sure.

 

dcdc:

Just did the same upgrade. My SpySweeper subscription lapses end of November. I will renew since every you said about being a good product is correct. It has always taken less than SpyWare Doctor.

My favorites are still in place so that is a bum rap on SS. They may be missing but this product didn't cause it.

The question about doing a custom scan to hunt root kits rather than expecting it as a Full scan is a valid complaint. Watch out for that one. Custom should mean exceptions to exclude from a scan, not add ons.

My scan times on the new version are either less or the same. Never been an issue for me consiering the importance of what we are scanning for who cares if an extra minute or two are added if I get a better result?